Do not change password reset token in specs

rootstrap · Sep 29, 2023 · 66fcc3e · 66fcc3e
1 parent 9998076
commit 66fcc3e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/doc/openapi.yaml b/doc/openapi.yaml
@@ -734,7 +734,7 @@ paths:
         in: query
         schema:
           type: string
-        example: kmeqD3h8LoPQ7izJgDLa
+        example: 96BuszWmzDxRqXYzc_Mf
       responses:
         '302':
           description: returns the client id

diff --git a/spec/requests/api/v1/passwords/edit_spec.rb b/spec/requests/api/v1/passwords/edit_spec.rb
@@ -3,16 +3,25 @@
 describe 'GET api/v1/users/passwords/edit' do
   subject { get edit_user_password_path, params: }
 
-  let(:user)           { create(:user, password: 'mypass123') }
-  let(:password_token) { user.send(:set_reset_password_token) }
+  let(:user) { create(:user, password: 'mypass123') }
+  # We have to fix the raw token so this doesn't change in the docs
+  let(:raw) { '96BuszWmzDxRqXYzc_Mf' }
+  let(:key) { Devise.token_generator.send(:key_for, 'reset_password_token') }
+  let(:enc) { OpenSSL::HMAC.hexdigest('SHA256', key, raw) }
   let(:params) do
     {
-      reset_password_token: password_token,
+      reset_password_token: raw,
       redirect_url: ENV.fetch('PASSWORD_RESET_URL', nil)
     }
   end
 
-  before { subject }
+  before do
+    # This is what Devise does behind the scenes in #set_reset_password_token
+    user.reset_password_token = enc
+    user.reset_password_sent_at = Time.current
+    user.save!(validate: false)
+    subject
+  end
 
   it 'returns a the access token, uid and client id' do
     expect(response.header['Location']).to include('token')